Vulnerability Description
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | 3.0.29 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
- http://marc.info/?l=bugtraq&m=125003356619515&w=2
- http://osvdb.org/50230
- http://secunia.com/advisories/32813Vendor Advisory
- http://secunia.com/advisories/32919Vendor Advisory
- http://secunia.com/advisories/32951
- http://secunia.com/advisories/32968
- http://secunia.com/advisories/36281
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1
- http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch
- http://us1.samba.org/samba/security/CVE-2008-4314.html
- http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.ht
- http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.ht
- http://www.securityfocus.com/bid/32494
FAQ
What is CVE-2008-4314?
CVE-2008-4314 is a vulnerability with a CVSS score of 8.5 (HIGH). smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&pa...
How severe is CVE-2008-4314?
CVE-2008-4314 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4314?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba.